CyberWire Daily

A wolf in admin clothing. [Research Saturday]

N2K Networks, Inc.

News, Daily News, Tech News, Technology

4.8 (1.1K Ratings)

🗓️ 11 April 2026

⏱️ 23 minutes

Summary

Today we are joined by Selena Larson, Threat Researcher from the Proofpoint research team and co-host of Only Malware in the Building, talking about their work on "(Don't) TrustConnect: It's a RAT in an RMM hat." Proofpoint uncovered TrustConnect, a malware-as-a-service platform posing as a legitimate remote monitoring and management (RMM) tool, but actually functioning as a remote access trojan (RAT) sold to cybercriminals for $300/month. The operation used a fake business website, legitimate-looking certificates, and branded installers (like fake Microsoft Teams or Zoom apps) to trick victims, while providing attackers with full remote control, file transfer, and surveillance capabilities. Although parts of its infrastructure were disrupted, the threat actor quickly rebounded with new variants, highlighting both the resilience of the operation and its deep ties to the broader cybercriminal ecosystem abusing RMM tools. The research and executive brief can be found here: (Don't) TrustConnect: It's a RAT in an RMM hat.

Transcript

0:00.0

You're listening to the CyberWire Network, powered by N2K.

0:10.4

Maybe that's an urgent message from your CEO, or maybe it's a deep fake trying to target your business.

0:20.3

Doppel is the AI-native social engineering defense platform fighting back against impersonation

0:26.2

and manipulation. As attackers use AI to make their tactics more sophisticated, Doppel uses

0:32.6

it to fight back, from automatically dismantling cross-channel attacks to building team resilience and more.

0:39.9

Doppel, outpacing what's next in social engineering.

0:43.6

Learn more at doppel.com.

0:46.1

That's d-o-p-p-e-l.com.

0:48.9

Thank you. Hello everyone and welcome to the CyberWire's Research Saturday.

1:04.1

I'm Dave Bittner, and this is our weekly conversation with researchers and analysts

1:08.8

tracking down the threats and vulnerabilities,

1:11.6

solving some of the hard problems and protecting ourselves in a rapidly evolving cyberspace.

1:17.4

Thanks for joining us.

1:23.5

And so ultimately what we identified was it's this fake RMM.

1:29.2

It's a malware, remote access trojan that's masquerading as a remote monitoring and management

1:34.1

tool.

1:34.9

And they had everything looked legit.

1:37.6

So they had this likely AI generated website, just totally vibe coded that said, hey, you

1:43.6

know, we're this brand new

1:45.4

RMM, here's our customer testimonials, here's all the customers that we have, and here's

1:49.6

how you can download this remote monitoring and management tool, which of course was actually

1:55.5

malware.

...

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
